Skip to content

fix(interview-scheduler): fix interview permissions & mail feature #228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 30, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 20 additions & 1 deletion src/common/helper.js
Original file line number Diff line number Diff line change
Expand Up @@ -1350,6 +1350,24 @@ function extractWorkPeriods (start, end) {
return periods
}

/**
* Returns the email address of specified (via handle) user.
*
* @param {String} userHandle user handle
* @returns {String} email address of the user
*/
async function getUserEmailByHandle (userHandle) {
const token = await getM2MToken()
const url = `${config.TC_API}/members/${userHandle}`
const res = await request
.get(url)
.set('Authorization', `Bearer ${token}`)
.set('Content-Type', 'application/json')
.set('Accept', 'application/json')
localLogger.debug({ context: 'getUserEmailByHandle', message: `response body: ${JSON.stringify(res.body)}` })
return _.get(res, 'body.email')
}

module.exports = {
getParamFromCliArgs,
promptUser,
Expand Down Expand Up @@ -1398,5 +1416,6 @@ module.exports = {
createChallenge,
updateChallenge,
createChallengeResource,
extractWorkPeriods
extractWorkPeriods,
getUserEmailByHandle
}
7 changes: 4 additions & 3 deletions src/eventHandlers/InterviewEventHandler.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,19 @@ async function sendInvitationEmail (payload) {

// get job candidate user details
const jobCandidate = await models.JobCandidate.findById(interview.jobCandidateId)
const jobCandidateUser = await helper.getUserById(jobCandidate.userId, true)
const jobCandidateUser = await helper.getUserById(jobCandidate.userId)
const jobCandidateUserEmail = await helper.getUserEmailByHandle(jobCandidateUser.handle)
// get customer details
const job = await jobCandidate.getJob()
const interviewerList = interview.attendeesList

teamService.sendEmail({}, {
template: 'interview-invitation',
cc: interview.attendeesList,
cc: [jobCandidateUserEmail, ...interview.attendeesList],
data: {
interviewType: interview.xaiTemplate,
interviewRound: interview.round,
interviewDuration: Interviews.XaiTemplate[interview.xaiTemplate],
interviewerList: interview.attendeesList,
jobName: job.title,
candidateName: `${jobCandidateUser.firstName} ${jobCandidateUser.lastName}`,
candidateId: interview.jobCandidateId
Expand Down
18 changes: 10 additions & 8 deletions src/services/InterviewService.js
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,14 @@ const esClient = helper.getESClient()
* Ensures user is permitted for the operation.
*
* @param {Object} currentUser the user who perform this operation.
* @param {String} jobCandidateId the job candidate id
* @throws {errors.ForbiddenError}
*/
function ensureUserIsPermitted (currentUser) {
const isUserPermitted = currentUser.hasManagePermission || currentUser.isMachine
if (isUserPermitted !== true) {
throw new errors.ForbiddenError('You are not allowed to perform this action!')
async function ensureUserIsPermitted (currentUser, jobCandidateId) {
if (!currentUser.hasManagePermission && !currentUser.isMachine) {
const jobCandidate = await models.JobCandidate.findById(jobCandidateId)
const job = jobCandidate.getJob()
await helper.checkIsMemberOfProject(currentUser.userId, job.projectId)
}
}

Expand Down Expand Up @@ -58,7 +60,7 @@ function handleSequelizeError (err, jobCandidateId) {
*/
async function getInterviewByRound (currentUser, jobCandidateId, round, fromDb = false) {
// check permission
ensureUserIsPermitted(currentUser)
await ensureUserIsPermitted(currentUser, jobCandidateId)
if (!fromDb) {
try {
// get job candidate from ES
Expand Down Expand Up @@ -113,7 +115,7 @@ getInterviewByRound.schema = Joi.object().keys({
*/
async function requestInterview (currentUser, jobCandidateId, interview) {
// check permission
ensureUserIsPermitted(currentUser)
await ensureUserIsPermitted(currentUser, jobCandidateId)

interview.id = uuid()
interview.jobCandidateId = jobCandidateId
Expand Down Expand Up @@ -168,7 +170,7 @@ requestInterview.schema = Joi.object().keys({
*/
async function partiallyUpdateInterview (currentUser, jobCandidateId, round, data) {
// check permission
ensureUserIsPermitted(currentUser)
await ensureUserIsPermitted(currentUser, jobCandidateId)

const interview = await Interview.findOne({
where: {
Expand Down Expand Up @@ -234,7 +236,7 @@ partiallyUpdateInterview.schema = Joi.object().keys({
*/
async function searchInterviews (currentUser, jobCandidateId, criteria) {
// check permission
ensureUserIsPermitted(currentUser)
await ensureUserIsPermitted(currentUser, jobCandidateId)

const { page, perPage } = criteria

Expand Down